Who is F5?

DNS is the new intelligence

Lori MacVittie

Published August 04, 2015

Cloud has changed a great many things. It’s forcing us to rethink IT strategies across every line of business. It’s changing the way we develop and deploy applications (think DevOps). And it’s completely disrupted just about every industry’s business model, moving us from traditional licensing of software and hardware to more utility, usage-based and subscription models.

What it hasn’t changed is the need for availability and performance and security. In fact, while cloud has been consuming our strategies and budgets, consumers have been, well, consuming mobile and web applications with a seemingly insatiable appetite. Lack of availability or poor performance can mean the difference between success and failure in this demanding app economy.

And while we’re definitely adopting and adapting to a hybrid world with applications spread across a variety of cloud providers and data centers, we shouldn’t forget that without visibility into those variables we aren’t going to be able to provide either performance or availability.

Nor should we forget that DNS is the first opportunity we have to use that intelligence wisely.

As the digital phone book for all things Internet, DNS is integral to just about every single app, thing, and device on the planet. It’s the backbone of business continuity, the assurer of availability, and first among all discovery services. Without DNS the entire application world would simply cease to be.

Though we tend to recognize the critical nature of DNS to all things digital – especially in areas involving performance - we don’t always recognize how intelligent DNS plays a similarly important role the burgeoning hybrid data center.

The Smarts in the Cloud

DNS is, or can be if it’s the right DNS, a source of actionable intelligence for both security and hybrid cloud. That’s because DNS, when enabled with visibility into the applications it services, can make intelligent decisions regarding the answer to the question, “Where is this app?”

Questions that include location of clients as well as current status of the app. Is it slow? Is it available? Is there another site where this app is hosted that might be a better fit right now?

It’s that kind of visibility that’s imperative in today’s app economy to meeting and exceeding the expectations consumers and employees have for their application experience. Visibility not only locally, but globally, across the increasingly hybrid business model comprised of applications not only hosted by multiple cloud providers but in multiple cloud provider locations around the world. That’s one of the advantages of BIG-IP DNS; it’s not only hyperscaled with capacity, it’s smart DNS, able to monitor the state and performance of applications across the entire hybrid spectrum, collaborating with every other BIG-IP DNS to understand in real time where every client should be directed.

Or if it should answer the client at all.

DNS DDoS attacks are growing. Recent research reported an “estimated a 100-fold growth of DNS-based DDoS attacks in 2014, with a clear trend of attacks increasing and intensifying in 2015.” Another report indicates a “continuation of extremely high volume attacks” in 2015. Hijacking and other DNS-based attacks have been a source of frustration for several high-profile businesses in the past year, with more likely to come.

That means DNS also needs a high degree of intelligence when it comes to detecting the attacks that can impact any – or all – applications regardless of in which cloud or data center they may be deployed.

DNS Security

DNS is, by design and definition, an open service. One does not simply lock down DNS to avoid volumetric attacks that might interfere with legitimate uses. Like public-facing web applications, DNS must remain open and available even in the face of extreme pressure whether that pressure is exerted by increased legitimate demand or attacks. That means DNS must simultaneously be able to fend for itself; it must be able to detect and defend against attacks while continuing to serve legitimate requests with alacrity.

And by alacrity I mean extreme alacrity. DNS lookups are often fingered as being at least partially (if not more) responsible for poor mobile app performance. So the faster DNS can respond to a request, the better it is – for everyone. But like most services, DNS is often hampered by the need to secure against attacks that target it and the apps for which it is providing services.

Validating protocols is a fairly common technique to prevent successful corruption of DNS records. But validation takes time; time that ends up inflating response times that ultimately degrade the overall application experience. So it’s critical that protocol validation be as fast – and accurate – as possible. That’s why BIG-IP DNS has taken its protocol validation to hardware, scaling up to seven times that of pure software. That improvement in speed and scale ensures that apps and organizations relying on BIG-IP DNS to respond with alacrity while withstanding attacks aren’t disappointed.

Similarly, BIG-IP DNS can now use hardware for scaling caching. With up to five times the scalability of software, taking advantage of hardware designed for the purpose means BIG-IP DNS caches more and responds even faster. All those mobile devices with increasing new apps linking to the newest thing on the Internet now have a faster subscriber experience with DNS Caching hyperscaling those service responses. That’s because DNS latency drops in a flash and users aren’t waiting around for the app to populate the next swipe or update critical financial data.

DNS can be more than just a simple discovery service. It can, and should, make intelligent decisions regarding how it directs clients to the appropriate application, services, or sites. In the increasingly cloud-first, hybrid world in which we often trade control for cost savings and agility, we need to be aware of and use to our advantage those tools in our technology toolboxes that can give us some of the control we need without sacrificing the flexibility of hybrid deployments.